When building any site that will interact with Facebook, you need to have a user connect their Facebook account with your site. You create an app listing on Facebook, get some handshake tokens, put them in your code, then have a user initiate a connection between your site and their Facebook account.

The initiation is usually a button that says something like “Connect with Facebook”. Behind the button is some code that indicates your token and what permissions your site wants from the requesting user. Usually you’ll want your site to have their email address, maybe some permissions to read their wall posts or perhaps even post on their wall. For many types of sites (like a couple I’ve worked on over the last year) you *really* are only using Facebook as an authentication system, and you’re not planning on doing any interaction with Facebook at all, so you don’t really want any permissions to their data or wall or anything else.

However… Facebook *requires* that you get access to certain aspects of the users’ data. Even if you don’t ask for it. It’s confusing, poorly documented, and certainly causes many people to abandon signups partway through the process.

“The public profile and friend list is the basic information available to an app. All other permissions and content must be explicitly asked for.”

But… it doesn’t indicate that there will be a popup asking for this.

The only “permission scope” being requested is “email”. But Facebook insists on presenting this warning that MY SITE is REQUESTING “friend list” permissions. We’re *not* doing this – we do not want the friends list, but have no way of *not* getting it.

“When a user logs into your app and you request no additional permissions, the app will have access to only the user’s public profile and also their friend list.”

What happens when you *do* in face request “additional permissions” is that you still are presented to the user as asking for permission for their friend list. I suppose the word “additional” has an implication there, but really, this is dealing with computery/programmery stuff – be explicit about what happens in both situations.

More to the point, give people a way to *not* have access to friend lists. This is offputting to users, and in an age where privacy is a bigger concern than ever, requiring access to data that is not needed or wanted is negligent. I suppose it would disrupt all the farmville and candy crush clones from making a living by not requiring people to spam their friends.

I'm currently working on a book for web freelancers, covering everything you need to know to get started or just get better. Want to stay updated? Sign up for my mailing list to get updates when the book is ready to be released!

Detroit’s been having a tough time of things over the past couple of decades. Industry closing, people leaving, rotting infrastructure, etc. They’ve even been taken over by an emergency manager appointed by the state. The problems are legion, the proposed solutions are all over the place. My humble proposal is short, and to the point.

A state tax holiday for people living in Detroit.

The specifics may be a bit up for debate (5 years? 10 years?) but at the core of Detroit’s problems is a lack of people, and specifically a lack of young people earning money. People don’t move *to* Detroit – they move to the suburbs. Why? Lower crime may be one reason, but typically the issue is jobs and lower taxes. You have to pay a city income tax to live in Detroit, on top of state taxes, and federal taxes. The state has a big interest in getting Detroit in the right direction – instead of being a resource drain. So… the state should give a tax holiday to anyone living in Detroit for, say, 5 or 10 years.

There are people who would move in to the Detroit city limits immediately to save a thousands of dollars in state income tax. Detroit would get income tax from those people to help fund the city improvements that are needed for those areas. The state would lose revenue from those people, but would, over the long haul, be required to spend less to sort out Detroit’s problems and prop them up when necessary – the residents themselves would be doing so.

More people moving to Detroit in the short term would probably mean more commuting – people may drive to Royal Oak or Ferndale for their jobs, but live in Detroit for the tax savings. But over time, more people living in the Detroit city limits would mean more demand for businesses and jobs to locate in those borders as well.

Why should *businesses* get tax abatements and deals to move in to Detroit (or any city) but not residents? Detroit needs more residents than it does businesses. The more residents that it has, the more businesses will follow to serve those residents. An extra 50,000 people living in an area of Detroit should be enough to get some Kroger stores to open up to serve those residents, right?

Yes, this is overly simplistic, but it’s also something that shouldn’t require a lot of planning. People fell over backwards trying to take advantage of the ‘new home buyer credit’ a few years back, which essentially just saved them a few thousand dollars one time, while generally saddling them with huge mortgages. People move to states at least in part because of income tax codes (obviously not always, but for many people it’s a factor). Detroit needs active, productive people to live there. Give them an incentive to do so and I believe they will.

I'm currently working on a book for web freelancers, covering everything you need to know to get started or just get better. Want to stay updated? Sign up for my mailing list to get updates when the book is ready to be released!

Had an interesting chat with my aunt and uncle this week, and got on to the topic of people changing other people. Initial discussion was in the context of some marriage counseling advice heard on the radio recently – (typically) women getting in to bad relationships or marriages with someone who they think they can “change”. “He’ll change after we’re married”, etc. We’ve all heard that sort of stuff, and I would think most of us know instinctively that it’s wrong, but why? Is it just experience, and that’s why we see teens and young adults saying these things? Probably not entirely – I’ve known grown people in their 30s and 40s still saying/believing these sorts of things.

It hit me a couple days back that the best evidence to point out to someone thinking that they can change someone is to point out that they’re likely not capable of changing themselves. Most of us require enormous willpower to overcome habits and addictions we have. Even when we *know* we should stop/change/start behaviour, it’s often a massive struggle. Smoking, drinking, binge eating, junk food, exercise, work habits – all of these core basic things have billion dollar industries vying for our attention to help change our behaviour in different ways, and we still fail. HOW ON EARTH does someone think they can “change” someone else when it’s so hard to change yourself?

I don’t think I’ve ever heard that line of reasoning used in the discussion of why “I can change this other person” is faulty thinking, but it seems potentially a powerful argument to me. I say this as someone who’s wrestling with going to the gym on a regular basis, as well as increasing my juicing and cutting back on bad foods. This is a no-brainer, but it’s still a struggle. How I could change someone else’s behaviour when I can’t change my own… I’ve no clue.

Thoughts? Do you think it’s easier to change someone else vs yourself? Is it easy to change yourself?

I'm currently working on a book for web freelancers, covering everything you need to know to get started or just get better. Want to stay updated? Sign up for my mailing list to get updates when the book is ready to be released!

NOTE – this is not autobiographical – I’m currently still a fulltime freelance/independent contractor and have immediate plans to make any changes in that status.

I’ve had a few friends and acquaintances recently go through periods of transition, shifting from contract and freelance work to something else. In some cases the transition was voluntary, sometimes not. I wanted to share some thoughts on what I’ve observed so far.

In more than a couple cases, friends looking out in to the job market – interviewing at companies and such – don’t have a good idea of the market rate for either their skills or the value they’d bring to a company. To whatever extent possible, survey your friends/colleagues in an area with similar skills, get ballpark estimates from then about what they’re earning, and try to get them to indicate salary vs benefits/perks. Money is a personal subject for many, and you may not get a full honest answer from someone. Ask them to just give you a range.

If there’s hesitation or a privacy concern, rephrase the question a bit – “if I was to apply for a job doing XYZ at your company, what should I expect as a salary?”. I don’t know too many people who would have a problem answering that – it allows them to give specifics without disclosing what they make personally, which may be higher than what they quote you based on other factors. Knowing that most people would be making about $80k doing mid-career PHP or Python development at companies X, Y and Z will help you when talking to company K, assuming they are of similar size/region/industry, and you’ll feel more comfortable if/when the money question comes up during an interview.

In some cases, this question comes up very early on, primarily as a screening tactic by HR departments. If they’re thinking $60k, but you’re thinking $150k, there’s no point in moving forward. Unfortunately, most HR departments I’ve talked with over the years are a bit too cagey, and demand a number from you first vs just giving you a range they have in mind. Bear in mind, if they have a range of $60-$75k, that doesn’t mean the company may not raise that range to meet you, but that usually won’t be a consideration until after a few interviews.

A freelance friend of mine recently landed his ‘dream job’ doing R&D work for a large company. I was sad to see him leave the freelance world, but I knew for him it was for the best. What worked for him? Hard to say if it was any one thing, but he was fairly ‘plugged in’ to the community at large – he’s blogged in public for years, spoken at many conferences, published magazine articles, and contributed some notable open source code to projects. Whether any of those specifically were factors in this particular job offer, I can’t say, and I’m not sure he could either. In my view, they all contributed to his profile. When new positions come open, they’re often floated by connections in personal networks first. Having a strong personal network, and letting people in that network know you’re looking for new options, is a very useful tool, but also one which you can’t get overnight.

The other side of personal networks – if someone reaches out to you with an opportunity, *acknowledge* them. I’m speaking from experience here. When I reach out to someone with a project or job I think would be a good fit for them, and they simply ignore me… they’re not on my good list any more. It’s not as if I hate them personally, but I won’t bother to go out of my way to spot opps or jobs I think would be beneficial for both parties.

This happens to me multiple times per year – I hear someone is looking for a new job, I forward some one or more opportunities, and *nothing* ever is responded to. This behaviour is just *odd*, and possibly may help explain why person X may not be happy in their current job or may be continuing to look for IT work when the current IT market is pretty hot. Few projects of mine have ever failed due to technical issues – many have failed or been derailed due to personality conflicts or communication problems. Bottom line – if someone is courteous enough to be thinking of you and your needs, reply to them acknowledging that you received the information. Even if the position isn’t necessarily what you’d consider a good fit, replying is just good manners.

Another friend recently transitioned from part time contractor to full time employee. After several years contracting for one department, he was offered an expanded role full time, which seems to be suiting him quite well. This one is not something you can easily plan for, and in his case certainly took me by surprise. Not because he’s not capable of the work, but I didn’t think the company was looking to expand their service offerings. Maybe they weren’t until recently – who knows? But an opportunity came along and he was ready to transition from freelance to full time.

Are you looking for a full-time gig? What’s worked for you? What have been the stumbling blocks? Let me know!

I'm currently working on a book for web freelancers, covering everything you need to know to get started or just get better. Want to stay updated? Sign up for my mailing list to get updates when the book is ready to be released!

The latest big deal in the US is that our postal service is losing money hand over fist, and may have to scale back or shut down. I don’t suspect shutting down forever will feasibly happen, but we’ll probably see a scaling back.

Email and internet are being blamed for much of the demise of the post office, and there’s a lot to be said about that angle. Yes, we send fewer items now than years ago, largely due to electronic stuff – invoices, contracts, billpay are all often done by the web or email.

And rural post offices are being singled out as largely unprofitable, losing the most money. And it makes some sense – small populations set far apart from each other, rising fuel costs, fewer people paying in to send mail, etc.

How to fix this?

Charge for receiving mail. Perhaps just in rural areas. People will quibble about what’s ‘rural’, and they’ll argue over price. I’ll throw this out to start with $29/year for home delivery of mail. In our area, this might not entirely cover the shortfall, but I’m sure it would go a long way towards helping out.

“But but but… that’s wrong!”. Well… it’s not really. We’ve already conditioned ourselves to pay for email, but for some reason we think we shouldn’t have to pay for USPS.

To send email, I have to have an account. True, some people get away with free webmail accounts at libraries and whatnot, but the overwhelming majority of people taking advantage of electronic billpay, invoices through email, etc – they’re all paying for an internet account. Often multiple times – many people have data plans on phones, home internet, and their employer pays for it at work. Internet providers are making a true killing at this, effectively offering almost ‘unlimited’ correspondence transmission, while the USPS struggles with ‘pay per stamp’ pricing.

I’m not suggesting we all pay a flat rate to mail stuff, but consider this. Someone drives bits of paper to my house every day – for free (yes, the sender paid something, but as we see, the USPS is losing money on this). I get home delivery for *free*. Now… if I want some privacy, I can *pay* for that same mail to stay in a PO box which I’d visit at my convenience. So… *pay money* to have the mail sit at a post office, or *drive* it to my house for free. Does that make much sense?

Charge me $29/year for home delivery – think of it as USPS “Prime” (ala Amazon), and keep my mail at a local PO box for free, but clear it out every 3 days.

This would change the economics in a hurry – many people wouldn’t opt for the home delivery, and they’d miss out on a lot of junk mail. Junk mailers may stop sending as much junk. The junk mail does help subsidize the USPS, but some of that would be offset by income from people paying for the home delivery.

I understand many smaller offices wouldn’t be able to provide boxes for everyone right away – it may have to be manual labor at the front desk for now – show your ID, get your mail. This would encourage people to get home delivery.

It’s not perfect – maybe a little crazy, even – but I’d like to see people coming up with better solutions to this. Certainly people don’t have a problem paying for delivery of stuff to their home – Fedex/UPS manage it – but I do think it’s high time we look at charging for rural mail delivery (perhaps all mail delivery at some point). If it cuts down junk mail, keeps service people on the road, and reduces losses (or helps make a profit) – what’s the downside? I’m sure there’s some, but I can’t think of any right now.

I'm currently working on a book for web freelancers, covering everything you need to know to get started or just get better. Want to stay updated? Sign up for my mailing list to get updates when the book is ready to be released!

I’ve been kicking around an idea for a while now, discussed with some friends, but don’t have time to implement this just yet. I may use this at the core of a project early next year, but I wanted to get the main idea out there now. Perhaps others are already doing this, but I haven’t seen it anywhere (yet?).

Currently, many apps tie in with twitter/facebook/etc for authentication – a third party openid server indicates to the original app that you are who you say you are. In some cases, there’s even a degree of sharing of data or allowing of control of a remote app (posting tweets via oauth, updating facebook wall, etc). What I’ve not seen yet is something which allows for collaboration, with degrees of permissions defined by relations in your personal social graph.

For example, consider google docs. Rather than inviting and granting permission on specific docs to specific people, allowing anyone who is following me on Google Buzz or FriendFeed to have read access to my document would be useful. Take that a step further – anyone who I’m following back – a two-way relationship – would automatically have read *and* write permissions on that document.

This is a somewhat simplified example, but the notion of permissions being automatically granted/revoked based on position and status in my social graph seems relatively unique (if also a probably rather obvious evolution in the coming near term).

Are there examples of this behaviour out there already I’m not seeing?

I'm currently working on a book for web freelancers, covering everything you need to know to get started or just get better. Want to stay updated? Sign up for my mailing list to get updates when the book is ready to be released!

I’ve had landline phone service all my life. I’ve had cell phones for a long time, and Vonage for about 6 years. Even with Vonage and cell pones, I’d never brought myself to get rid of the landline. Rationalizing it was not too hard – we occasionally get power outages as well as internet outages, so having a stable line would be at least moderately useful for these minor occasions. However, the monthly bill got landline service seemed to go up continually each month, regardless of how little we used it each month.

A few months ago the bill started going over $50/month, and this is for *nearly* no bells and whistles – no voicemail, no ‘warranty’ on the line. Wait, I tell a lie – we had an ‘international calling plan’ package, so that when we called my wife’s family overseas it would only cost 10 cents per minute instead of $1.25 (approx). That said, we still rarely used the thing. The base rate was a bit over $30/month, and taxes/fees – even if we made no calls at all, added another $16/month – > 50% tax/fee rate, basically. So keeping a solid phone connection to the house was $46/month before *using* the stupid thing.

A few years back the taxes seemed lower – I would swear total fees before making any calls was below $40 back in 2006. I may fish out an old bill and compare if I can find one. In any event, when bills for minimal usage started creeping over $50, I’d had enough. We already have a Vonage line, so I looked to port over the existing number (which many of my wife’s customers have used for years) to our Vonage box, and – great! – it was possible. The process took almost two weeks, and the service was working before we were actually notified by email that it was working, but it was fairly seamless all in all.

So, now I’ve come kicking and screaming in to the ‘no land line’ age, and it feels a bit odd. What was funny, though, is when I called to cancel service. The *2nd* option on the provider’s phone tree was ‘If you’re calling to cancel your service, press 2′. *2*! They must be losing customers right and left. While I’m paying some taxes via Vonage, I suspect it’s only a few years before we start seeing punishing taxes applied to VOIP systems to make up for lost revenue from land lines. If the govt was recouping $192/year from me via landlines, and might only be collecting half that from Vonage tax collection.

Scratch that – nope. They’re still collecting around $16/month from me in taxes already. My minimum monthly Vonage bill is now $42.94. Hrmm…. So… I’ve sort of traded one price point for another. And actually, there’s another $5 on top of that because we have an incoming virtual number from the UK. So… $47.93 minimum. About the same as the CenturyLink line we had before. So why cancel?

Vonage is giving us much more. Unlimited calling, which many US-based VOIP providers also offer, but *every single ad* I hear/see from TWC, CenturyLink, etc – all focused on ‘unlimited calling in the US!’. I couldn’t care less, as half my family is overseas – UK and Australia – as are many of my wife’s customers. Vonage gives free calling to Australia and most of Europe in that $24.99. We pay $5 month for a UK line which rings in to us for that flat $5, and allows most of her UK customers to call for the price of a local call in the UK. Voicemail calls transcribed and sent to email for free. And… a web interface to manage it all. CenturyLink and other traditional landline monopolies have a long way to go to catch up to the value provided by Vonage. If we got a Vonage program *just* for the amount of calls we make in the US, and didn’t have international needs, we’d at least $20 off that $47, so, we’d probably be paying $25/month. And the ability to physically take the phone number (via the physical box) with you around wherever you travel is pretty nice (though I’ve only done it once).

Before Vonage, even using landline ‘calling plans’ to get international calls down to a few cents per minute, our bills were easily over $100/month, sometimes $150. Now with Vonage, two lines, a third incoming number, and *more* calling than we used to do, $55/month is about average. *Huge* savings, and more convenience. Can’t ask for much more, can you?

That’s my rant. Glad I did those numbers. It wasn’t specifically the $50/month that was necessarily upsetting, but given how little value we were getting for that $50, that was the breaking point.

I'm currently working on a book for web freelancers, covering everything you need to know to get started or just get better. Want to stay updated? Sign up for my mailing list to get updates when the book is ready to be released!

Facebook, twitter, myspace, etc – all are the walled gardens of today. Twitter is probably the least walled, but I still need to have a reciprocal relationship with someone to send them a direct message – something private, not meant for public consumption.

The new mantra today seems to be ‘there is no privacy – get over it’, yet I don’t think advocates of ‘no email’ really understand just how large that implication is. Tying your communication vehicle to your public identity outlet is forcing yourself to play by those rules only.

I’d discussed with friends a few years ago the ubiquitous “mybizname@aol.com” practice we’d seen at the start of the web boom. We’d all criticized that, saying how shortsighted it was to tie yourself to AOL for your identity. But now some of them proudly have linkedin, twitter, facebook, foursquare and many other logos on their profile pages, and this seems to be the *only* way to get ahold of some people – no concept of private email at all. My view was that putting your persona in the hands of another company is bad, and I think their view was more focused on the untrendiness of AOL at the time.

Yes, I do maintain presences on the major social media networks, but it’s not the primary way (or even necessarily a *good* way) to get ahold of me. Need to contact me? Phone or email are still the best. And while I use gmail for many things, I still do quite a bit with my michael@kimsal.com email and will continue to do so for as long as email is around.

I think a degree of serendipity is lost when we shut ourselves off in our very closed social networks. I totally ‘get’ the spam issue for people – inundated with hundreds or more spams per day is wearing, timewise and mentally. But by closing ourselves off, we lose more chances for serendipitous connections.

8-10 years ago it was pretty easy to find someone’s blog and reach out to them via email, and perhaps get a response. Now often the only way to connect is to leave public comments. Sorry, I don’t want to live that much of my life in public. And this trend of everything in public has had a chilling effect on my ability to connect with others. I suspect it’s had the same effect on that of many other people, and possibly in ways younger people aren’t even aware of.

I don’t think I’m doing a very good job of organizing my thoughts on this, and I suspect I may be viewed as ‘just some old dude ranting about the good old days’. Hopefully there’s a bit more takeaway than that.

I'm currently working on a book for web freelancers, covering everything you need to know to get started or just get better. Want to stay updated? Sign up for my mailing list to get updates when the book is ready to be released!

My recent thoughts turned to airline security last night after learning of the flight coming in to Detroit in which a man tried to blow up the plane. (link and link, though I’m sure there’s thousands more now).

I’ve never subscribed to the theory that our US airport security did all that much in terms of preventing actual threats. I’m old enough to remember pre 9/11 flying, and the security measures don’t seem to be doing that much better at stopping potential violent threats. In the past two years I’ve flown to San Francisco, Miami, London, Copenhagen, Sydney, Shanghai and probably a couple other places I can’t recall right now. Most of these trips had several layovers, so I’ve seen security measures at many more airports than just these. A few things initially surprised me soon after 9/11, but fail to surprise me now:

1. How differently my carry-on bags are treated during screening every single time I travel, even at the same airports. I travel with a wide variety of stuff – often a laptop, ipod, chargers, cables, headphones, microphones, video camera, small microphone and other assorted electronic goodies. Sometimes I pack them in checked luggage, but often there’s not room (or I don’t quite trust TSA bag handlers to not take something of value). So it comes on as hand-luggage. A couple of times the cabled mess has triggered a thorough hand search of all the bag contents. While annoying, I understand their need – it’s not clear what the materials are, and if something’s unknown, it’s better to check it out. Annoying, but reasonable. Why that particular mess of cables and such doesn’t trigger the same response at different airports is what’s troubling to me. Each checkpoint area seems to be having their own guidelines as to what is ‘suspicious’ and what isn’t. To be certain, it may be the experience and judgement level of those involved, but based on the behaviour I witness of security checkpoint personnel (see below), I’m not convinced that’s the reason.

2. How lax the staff appear at various screening areas. I don’t particularly want hard-nosed drill sergeants barking orders at me, but I also don’t want people falling asleep. It seems I generally find both extremes at security checkpoints, which annoys me. I’m not saying these are the *only* people – there’s also typically a mix of seemingly decent, diligent people staffing these areas. But that’s not enough. I’ve watched my bags going through x-ray machines, showing a vast array of weird cables and devices (I travel with a lot of weird stuff!) and watched as the person sitting at the x-ray machine simply let it pass right through *without looking at the screen*, either with their head turned while talking to a colleague, or eating.

I’ve observed that behaviour at least 4 times over the last 12-18 months of travel. Coming up with extremely conservative numbers, those particular screeners might be letting 3-5% of the baggage go by essentially unchecked. If 5% of the bags can get by unchecked at a checkpoint, what’s the purpose of having it? The only substantive answer I can arrive at is “theater for the masses”.

My idea centers on this carry-on bag checkpoint process. Specifically, my idea would be to have the bag images be fed to an internet site and allow multiple people to judge whether something was ‘suspicious’ enough to warrant a hand investigation. However, the speed of this might not be enough to work in real time. So, the next step would be to associate a passenger picture with the bags specifically at the checkpoint, and if it’s determined through the ‘crowdsourced’ site that a particular bag should be inspected, the bag’s owner could more easily be tracked down in the airport.

While this seems like it might be a lot more work, personally, I’d trust the accuracy of dozens or hundreds of people of varying backgrounds giving their votes on a bag rather than one person who might not even be *looking* at the bag to pass judgement.

Lastly, is there a way to *report* on TSA or security staff who appear to be negligent at their post? I’d try to take pictures, but I suspect I’d be labelled a terrorist rather than someone who’s simply trying to report on someone not doing their job (which, incidentally, is supposed to be about securing my life and safety).

I'm currently working on a book for web freelancers, covering everything you need to know to get started or just get better. Want to stay updated? Sign up for my mailing list to get updates when the book is ready to be released!

I’ve been working with a couple local people on developing a short term plan for them to get in to or move around in the web development job space, and I was wondering if there’s a need for something perhaps sightly more formal in the Raleigh area. Here’s my initial sketch…

reviewing web development options (technologies, focus – front end or back end, etc)

deciding on a particular technology to focus on

developing a short term game plan for achieving certain tasks – small projects to connect to a database, do flash animation, handle user authentication, etc.

work with participants to keep them on schedule, answering questions that may come up

have in speakers from local hiring companies to do presentations about their work environments and what they’re looking for in entry-level positions

have in guest presenters from the area who specialize in one tech (.net, ruby, flash, etc) to answer specific questions

general support and motivation when learning the new technology.

For some people getting in to new tech can be rather overwhelming because there’s so many choices, and often conflicting advice about what’s “best” to get in to. What I’ve found is that there’s isn’t one “best” that’s right for everyone. Learning PHP just because that’s where the jobs are, but you hate it – that’s just pointless.

Is there a need for something like this in the Raleigh area? Would you be interested in participating?

I'm currently working on a book for web freelancers, covering everything you need to know to get started or just get better. Want to stay updated? Sign up for my mailing list to get updates when the book is ready to be released!